Layer 2 person spoofing and impostor syndrome

C7bf554286ede7cb2786b5b19649c19b?s=47 Bea Hughes
November 22, 2017
680

Layer 2 person spoofing and impostor syndrome

For Bsides Wellington in New Zealand, November 2017

"Impostor syndrome, a concept describing individuals who are marked by an inability to internalize their accomplishments and a persistent fear of being exposed as a "fraud"."

C7bf554286ede7cb2786b5b19649c19b?s=128

Bea Hughes

November 22, 2017
Tweet

Transcript

  1. Layer 2 person spoofing and impostor syndrome % sudo ifconfig

    en0 ether 78:4f:43:69:1b:10 \ && ifconfig en0 | head -3 en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether 78:4f:43:69:1b:10 inet 10.100.1.219 netmask 0xfffffc00 broadcast 10.100.3.255 Thanks hotspot.nzwireless.co.nz @benjammingh for BsidesNZ 1
  2. Who's this clown? (1/2) 2 • Security Engineer at Stripe.

    • Infrastructure security at Etsy. • Opera5ons engineer at Puppet. • Two 5me sponsor of Wrong Island Con. 2 h$ps:/ /twi$er.com/skullmandible/status/411281851131523072 @benjammingh for BsidesNZ 2
  3. Who's this whingeing pom? (2/2) • Knows how to pronounce

    "router". • Is delighted to be back here enjoying the 300/400ms latency on everything. • Has had his Instagramme stuck giving him NZ ads for the past 3 months. (if you know how to fix this, please help me!) @benjammingh for BsidesNZ 3
  4. is heaps be)er than Obviously. @benjammingh for BsidesNZ 4

  5. is also be)er than both @benjammingh for BsidesNZ 5

  6. But first! @benjammingh for BsidesNZ 6

  7. A trigger warning @benjammingh for BsidesNZ 7

  8. This talk is about Vulnerabili*es @benjammingh for BsidesNZ 8

  9. vulnerability |vʌln(ə)rəˈbɪlɪ4| noun (plural vulnerabili*es) [mass noun] the quality or

    state of being exposed to the possibility of being a5acked or harmed, either physically or emo:onally: conserva:on authori:es have realized the vulnerability of the local popula:on @benjammingh for BsidesNZ 9
  10. the quality or state of being exposed to the possibility

    of being a5acked or harmed, either physically or emo$onally @benjammingh for BsidesNZ 10
  11. So if you're looking for 0-day, you may be in

    the wrong room. @benjammingh for BsidesNZ 11
  12. Impostor syndrome! @benjammingh for BsidesNZ 12

  13. Impostor syndrome is when high- achieving individuals are marked by

    an inability to internalise their accomplishments & a persistent fear of being exposed as a "fraud" — clinical psychologists Dr. Pauline R. Clance & Suzanne A. Imes @benjammingh for BsidesNZ 13
  14. "Am I even qualified to give this talk?" — Me,

    earlier today, proving that I probably am. @benjammingh for BsidesNZ 14
  15. "But everyone has this, no?" @benjammingh for BsidesNZ 15

  16. OCD vs. Actually liking things to be 2dy @benjammingh for

    BsidesNZ 16
  17. Exemplum! @benjammingh for BsidesNZ 17

  18. <Etsy story goes here, so slides are useless> @benjammingh for

    BsidesNZ 18
  19. "I am going to be discovered and fired..." — Me,

    then. @benjammingh for BsidesNZ 19
  20. THIS IS DUCKING DEPRESSING @benjammingh for BsidesNZ 20

  21. It makes it real hard to do good work @benjammingh

    for BsidesNZ 21
  22. Which then just perpetuates itself @benjammingh for BsidesNZ 22

  23. Which leads to burnout... @benjammingh for BsidesNZ 23

  24. @benjammingh for BsidesNZ 24

  25. <But....> @benjammingh for BsidesNZ 25

  26. Reality vs. Percep0on of others From h'ps:/ /billwa'.org/the-imposter-syndrome/ @benjammingh for

    BsidesNZ 26
  27. @benjammingh for BsidesNZ 27

  28. STORY TIME 2 @benjammingh for BsidesNZ 28

  29. @benjammingh for BsidesNZ 29

  30. HOLY SHIT WE HAVE DIFFERENCE EXPERIENCES @benjammingh for BsidesNZ 30

  31. (Best (worst) stock photo ever?) @benjammingh for BsidesNZ 31

  32. Impostor syndrome can be a sign that you're about to

    learn awesome things. @benjammingh for BsidesNZ 32
  33. It can be a sign you have a lot of

    knowledge to share too! @benjammingh for BsidesNZ 33
  34. Straw poll How many people have you heard of ge3ng

    fired due to knowing nothing? How many people have you heard of having impostor syndrome? @benjammingh for BsidesNZ 34
  35. So why do our brains make this trade off? @benjammingh

    for BsidesNZ 35
  36. Ego? @benjammingh for BsidesNZ 36

  37. Did I men)on I work in security? @benjammingh for BsidesNZ

    37
  38. Infosec problems (including but not limited to) • Has a&ackers.

    Coders have bugs, ops people have well the world. There are real humans a&acking you trying to break your shit.* • There is very clear win/lose stakes. • Especially in the con scene, a lot of posturing. • DefCon sCll exists (; * Assume blue team here, I know... @benjammingh for BsidesNZ 38
  39. ...which leads to • people not showing their vulnerabili3es (not

    that kind). • people not admi:ng they don't know something out of fear. • people burning out and leaving the industry. • Infosec not being the most diverse and inclusive industry. @benjammingh for BsidesNZ 39
  40. "well don't think of yourself as an imposter, think of

    yourself as not a psychopath." — Sco& Roberts @benjammingh for BsidesNZ 40
  41. "One of the best things I've done for myself lately:

    created a doc where I copy-paste compliments I've go<en. Great for low days. Try it." — Molly Clare @benjammingh for BsidesNZ 41
  42. "For passphrases, make them something posi2ve and encouraging, so every

    2me you have to type them in, you feel a li:le be:er about the world." — paraphrased from an Anonymous Canadian @benjammingh for BsidesNZ 42
  43. Brains! @benjammingh for BsidesNZ 43

  44. Aside: cogni,ve dissonance @benjammingh for BsidesNZ 44

  45. @benjammingh for BsidesNZ 45

  46. What can you do as an organisa0on? @benjammingh for BsidesNZ

    46
  47. Acknowledge it! @benjammingh for BsidesNZ 47

  48. It's okay to say what's okay @benjammingh for BsidesNZ 48

  49. From The Recurse Center @benjammingh for BsidesNZ 49

  50. Obligatory reference to blameless postmortems as I'm contractually bound to

    by Etsy @benjammingh for BsidesNZ 50
  51. Praise others, because they may feel this too. @benjammingh for

    BsidesNZ 51
  52. Tip for praise: Don't personalize. For the same reason you

    wouldn't say "You're a dumbass," don't just say "You're a genius." — @candor 5 5 Blameless praise! from Slack's great ar5cle on giving feedback @benjammingh for BsidesNZ 52
  53. Stop the nerd snipe, even if it's good inten2oned @benjammingh

    for BsidesNZ 53
  54. Your culture o*en affects people in seemingly invisible ways @benjammingh

    for BsidesNZ 54
  55. Just don't go too far (; Dunning–Kruger effect @benjammingh for

    BsidesNZ 55
  56. Let's hope I'm on track for 2me! • be understand

    to people, this is hard. • be kind to yourself, even if you're a jerk like me. • seek help if you can (friends, therapists, coworkers) @benjammingh for BsidesNZ 56
  57. This affects people differently • Confidence sadly o.en comes with

    privilege. • As does arrogance. @benjammingh for BsidesNZ 57
  58. Mess of links that will be useful when I tweet

    the URL to this slidedeck • Impostor Syndrome in DFIR - Sco5 Roberts fantas9c piece on the topic. • Allowed To Apply - blog on telling yourself you can do this. • How to get a promo9on • Blue Hackers - site on mental health in the tech community and how to help. @benjammingh for BsidesNZ 58
  59. If this sounds like an environment you'd like to work

    in, come talk to me about Jobs at Stripe @benjammingh for BsidesNZ 59
  60. Ta • My blog post on the subject • Fax:

    +1 (415) 484-7239 • Twidder: @benjammingh • SpeakerDeck: speakerdeck.com/barnbarn @benjammingh for BsidesNZ 60